Uploaded image for project: 'Undertow'
  1. Undertow
  2. UNDERTOW-1135

Wrong schema extracted from x-forwarded-proto behind multiple upstream proxies

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • 2.0.0.Beta1, 1.4.19.Final
    • 1.4.18.Final
    • None
    • None

      We are trying to setup a system with multiple proxies: AWS load-balancer -> Spring Boot Zuul proxy -> Wildfly (simply forwarding port 80 through the chain exhibits the error).

      Wildfly is configured with proxy-address-forwarding="true".

      The Zuul proxy appends to the x-forwarded-* headers (like it is supposed to, if I understand the protocol correct). Wildfly generates invalid Location headers in that setup.

      The dumped request/response looks like this:

      ==============================================================
      2017-07-13 11:25:36,119 INFO [io.undertow.request.dump] (default task-6)
      ---------------------------REQUEST--------------------------
      URI=/internal/
      characterEncoding=null
      contentLength=-1
      contentType=null
      header=accept=text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
      header=accept-language=en
      header=cache-control=no-cache
      header=Accept-Encoding=gzip
      header=pragma=no-cache
      header=user-agent=Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55.0
      header=Connection=Keep-Alive
      header=x-forwarded-proto=http,http
      header=x-forwarded-port=80,80
      header=x-forwarded-for=<my-ip>, <load-balancer-ip>
      header=upgrade-insecure-requests=1
      header=x-forwarded-host=<load-balancer-host-name>
      header=host=<load-balancer-host-name>
      locale=[en]
      method=GET
      protocol=HTTP/1.1
      queryString=
      remoteAddr=<my-ip>:0
      remoteHost=<my-ip>
      scheme=http,http
      host=<load-balancer-host-name>
      serverPort=0
      -------------------------RESPONSE-------------------------
      contentLength=0
      contentType=null
      header=Expires=-1
      header=Cache-Control=no-cache
      header=X-Powered-By=Undertow/1
      header=Set-Cookie=JSESSIONID=gDFvl_3nY5rn9yUcj3sDaXN8dnMvjA6Ti9Lbm1_a.win-m5ucuvcm1t7; path=/internal
      header=Server=WildFly/10
      header=Location=http,http://<load-balancer-host-name>/internal/login/
      header=Accept-Ranges=bytes
      header=Date=Thu, 13 Jul 2017 11:25:36 GMT
      header=Connection=keep-alive
      header=Content-Length=0
      status=302
      ==============================================================

      So it seems like Wildfly/undertow does not handle the x-forwarded-proto header correctly (notice the "Location=http,http://<correct-url>" header that is returned in the redirect...)

        1. DezideProxyPeerAddressHandler.java
          5 kB

              sdouglas1@redhat.com Stuart Douglas (Inactive)
              cpoulsen-1 Chris Poulsen (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: